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Amendment to the Claims : 

This listing of claims replaces all prior versions;, and 
listings, of claims in the application: 

1. (Currently Amended) A method of integrating a device 
into a secure network, comprising: 

establishing a tunnel between an authent icator in the 
network and a device, the tunnel using a tunnel protocol, the 
authenticator having a first public key, the device having a 
second secret and a second public key; 

generating a first hash haohing a first secret for 
transmission to the device, the first hash generated using a 
secret obtained from a user, the first public key, the second 
public key and a random number generated from the tunnel 
protocol to produce a haoh of the first occrct ; 

comparing the first hash with a second hash, wherein the 
second hash is generated at the device; and 

upon determining that the first hash matches the second 
hash, establishing an authenticated session between the device 
and the authenticator when the haoh of the first secret matches 
a haoh of the second occrct . 

2. (Currently Amended) The method of claim 1, further 
comprising : 

generating the second hash haohing the occond occrct at the 
device to produce the haoh of the occond occrct using the first 
public key, the second public key , the second secret, and a 
occond the random number generated from the tunnel protocol . 

3. (Currently Amended) The method of claim 1, wherein 
the authenticator has a first private key, the method further 
comprising : 
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encrypting the first hash of the firat occrct using the 
second public key; [[and]] 

placing the encrypted hash into a message ; and 
sending the message to the device . 

4. (Currently Amended) The method of claim 3, further 
comprising signing the message with the first private key 
[[with]] to generate a digital signature. 

5. (Currently Amended) The method of claim [[3]] 4, 
wherein the device comprises a second private key; and further 
comprising : 

checking the digital signature using a first public key; 

and 

decrypting the message using the second private key. 

6. (Currently Amended) The method of claim 1, the 
establishing the tunnel between the authenticator in the network 
and the device further comprising: 

determining if a hash value of the second public key 
matches a displayed hash value obtained from obocrved a t the 
device; and 

receiving the secret obtained from the user, determining if 
the first occrct matches- a displayed occrct obocrved at the 
device; 

wherein the occond occrct io the dioplaycd oecrct after 
entry into a network conoolc connected to the authenticator. 

7. (Currently Amended) The method of claim 6, wherein 
the device includes a label having displaying the displayed hash 
value and the dioplaycd secret obtained from the user. 
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8. (Cancelled) 

9. (Cancelled) 

10. (Currently Amended) The method of claim [[5]] 6_, 
wherein the device comprises a display and an application, the 
application rendering the displayed hash value and enabling the 
user to provide the displayed secret on the display. 

11. (Currently Amended) The method of claim 1, wherein 
the authenticator comprises a first credential list and. the 
device comprises a second credential list, the method further 
comprising : 

determining if the second public key from the device is on 
the first credential list; and 

determining if [[a]] the first public key from the device 
is [[in]] on the second credential list. 

12. (Currently Amended) The method of claim 1, wherein 
the authenticator comprises a first credential list and. the 
device comprises a second credential list, the method further 

c omp r i s i ng , upon establishing the authenticated session between 
the device and the authenticator : 

placing the first public key in the second credential list; 

and 

placing the second public key in the first credential list. 

13. (Currently Amended) An apparatus comprising: 
circuitry, for integrating a device into a> secure 

network, to: 

establish a tunnel between an authenticator in the network 
and a device, the tunnel using a tunnel protocol, the 
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authenticates having a first public key, the device having a 
second secret and a second public key; 

generate a first hash a first secret for transmission to 
the device, the first hash generated using a secret obtained 
from a user, the first public key, the second public key and a 
random number generated from the tunnel protocol to produce a 
hash of the first secret ; 

compare the first hash with a second hash, wherein the 
second hash is generated at the device; and 

upon determining that the first hash matches the second 
hash, establish an authenticated session between the device and 
the authenticator when the hash of the first secret matches a 
hash of the second secret . 

14. (Currently Amended) The apparatus of claim 13, 
further comprising circuitry to: 

generate the second hash the second secret at the device fee 
produce the hash of the second secret using the first public 
key, the second public key , the second secret, and a second the 
random number generated from the tunnel protocol . 

15. (Currently Amended) The apparatus of claim 13, 
wherein the authenticator has a first private key, further 
comprising circuitry to: 

encrypt the first hash of the first secret using the second 
public key; [[and]] 

place the encrypted hash into a message ; and 
send the message to the device . 

16. (Currently Amended) The apparatus of claim 15, 
further comprising circuitry to sign the message with the first 
private key [[with]] to generate a digital signature. 
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17. (Currently Amended) The apparatus of claim [[15]] 16, 
wherein the device comprises a second private key; and further 
comprising circuitry to: 

check the digital signature using a first public key; and 
decrypt the message using the second private key. 

18. (Currently Amended) The apparatus of claim 13, the 
circuitry to establish the tunnel between the authent icator in 
the network and the device further comprising circuitry to: 

determine if a hash value of the second public key matches 
a displayed hash value obtained from observed at the device; and 

receive the secret obtained from the user, determine if the 
first secret matches a displayed secret observed at the device, 

wherein the second secret ia the displayed secret after 
entry into a network console connected to the authenticator . 

19. (Currently Amended) The apparatus of claim 18, 
wherein the device includes a label having displaying the 
displayed hash value and the displayed secret obtained from the 
user . 

20. (Cancelled) 

21. (Cancelled) 

22. (Currently Amended) The apparatus of claim [[17]] l_8, 
wherein the device comprises a display and an application, the 
application rendering the displayed hash value and enabling the 
user to provide the displayed secret on the display. 
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23. (Currently Amended) The apparatus of claim 13, 
wherein the authenticator comprises a first credential list and 
the device comprises a second credential list, further 
comprising circuitry to: 

determine if the second public key from the device is on 
the first credential list; and 

determine if [[a]] the first public key from the device is 
[[in]] on the second credential list. 

24. (Currently Amended) The apparatus of claim 13, 
wherein the authenticator comprises a first credential list and 
the device comprises a second credential list, further 
comprising circuitry to: 

place the first public key in the second credential list; 

and 

place the second public key in the first credential list, 
upon establishing the authenticated session between the device 
and the authenticator . 

25. (Currently Amended) An article comprising a machine- 
readable medium that stores executable instructions for 
integrating a device into a secure network, the instructions 
causing a machine to: 

establish a tunnel between an authenticator in the network 
and a device, the tunnel using a tunnel protocol, the 
authenticator having a first public key, the device having a 
second secret and a second public key; 

generate a first hash a first □ccrct for transmission to 
the device, the first hash generated using the a secret obtained 
from a user, the first public key, the second public key and a 
random number generated from the tunnel protocol to produce a 
hash of the first secret ; 
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compare the first hash with a second hash, whereir. the 
second hash is generated at the device; and 

upon determining that the first hash matches the Eecond 
hash, establish an authenticated session between the device and 
the authenticator when the hash of the firat accrct matches a 
haoh of the second accrct . 

26. (Currently Amended) The article of claim 25, 
instructions causing a machine to generate the second hash the 
second secret at the device to produce the haoh of the second 
accrct using the first public key, the second public key , the 
second secret, and a second the random number generated, from the 
tunnel protocol. 

27. (Currently Amended) The article of claim 25, wherein 
the authenticator has a first private key, further comprising 
instructions causing a machine to: 

encrypt the first hash of the first occrct using the second 
public key; [ [and] ] 

place the encrypted hash into a message ; and 
send the message to the device . 

28. (Currently Amended) The method article of claim 27, 
further comprising instructions causing a machine to sign the 
message with the first private key [ [with] ] to generate a 
digital signature. 
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29. (Currently Amended) The article of claim [[27]] 28, 
wherein the device comprises a second private key; and further 
comprising instructions causing a machine to: 

check the digital signature using a first public key; and 
decrypt the message using the second private key. 

30. (Currently Amended) The article of claim 25, the 
instructions to establish the tunnel between the authenticator 
and the network further comprising instructions causing a 
machine to: 

determine if a hash value of the second public key matches 
a displayed hash value obtained from observed at the device; and 

receive the secret obtained from the user, determine if the 
first secret matches a diaplaycd secret observed at the device; 

wherein the second secret io the displayed secret after 
entry into a network console connected to the authenticator. 

31. (Currently Amended) The article of claim 30, wherein 
the device includes a label having displaying the displayed hash 
value and the displayed secret obtained from the user . 

32. (Cancelled) 

33. (Cancelled) 

34. (Currently Amended) The article of claim [[2 9]] 30 , 
wherein the device comprises a display and an application, the 
application rendering the displayed hash value and enabling the 
user to provide the displayed secret on the display. 
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35. (Currently Amended) The article of claim 25, wherein 
the authenticator comprises a first credential list and the 
device comprises a second credential list, further comprising 
instructions causing a machine to: 

determine if the second public key from the device is on 
the first credential list; and 

determine if [ [a] ] the first public key from the device is 
[[in]] on the second credential list. 

36. (Currently Amended) The article of claim 25, wherein 
the authenticator comprises a first credential list and the 
device comprises a second credential list, further comprising 
instructions causing a machine to: 

place the first public key in the second credential list; 

and 

place the second public key in the first credential list^ 
upon establishing the authenticated session between the device 
and the authenticator . 

37. (Cancelled) 

38. (Cancelled) 

39. (Cancelled) 

40. (Currently Amended) A consumer electronic product, 
comprising 

a display; 
memory; 

a processor configured to connect the product to a secure 
network by performing operations comprising : -^— and 
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circuitry to connect to a acourc network, — the circuitry 
comprising circuitry to : 

establish establishing a tunnel between an 
authenticator in the network and a device the product , the 
tunnel using a tunnel protocol, the authenticator having a first 
public key, the device product having a second secret and a 
second public key; 

generating a first hash hashing a firot occrct , the first 
hash generated using a secret obtained from a user, the first 
public key, the second public key and a random number generated 
from the tunnel protocol to produce a hash of the first secret; 

comparing the first hash with a second hash, wherein the 
second hash is generated at the product; and 

upon determining that the first hash matches the second 
hash, establishing eatabliah an authenticated session between 
the device product and the authenticator when the hash of the 
first occrct matchca a haoh of the accond □ccrct . 



41. (Original) The product of claim 40, wherein the 
product is a cellular phone. 



42. (Original) The product of claim 40, wherein the 
product is a personal digital assistant. 



43. (Original) The product of claim 40, wherein the 
product is a computer system. 



44. (Original) The product of claim 40, wherein the 
product is a wireless camera. 
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